Summary
CentralIdP: CX-Central realm updates (init container image) based on latest test results.
Follow up to #66.
CX-Central realm updates
The following bugfixes need to be implemented in the new release:
Seeded service accounts
- BPN mapper and user attribute "bpn" were added to the following service accounts:
- sa-cl1-reg-2
- sa-cl2-01
- sa-cl2-02
- sa-cl2-03
- sa-cl2-04
- sa-cl2-05
- sa-cl24-01
- sa-cl7-cx-5
- sa-cl8-cx-1
✅
- Fix role assignment and BPN of sa-cl3-cx-1
- remove composite roles "Identity Wallet Management" and "Dataspace Discovery"
- change the bpn value in the user attribute to CX-Operator BPN
✅
Specific Changes on BPDM
- Role "Company Admin" inside the client "Cl1-CX-Registration" needs the following permissions added:
  - read_partner_member of client Cl7-CX-BPDM ✅
  - read_changelog_member of client Cl7-CX-BPDM ✅
  - read_metadata of client Cl7-CX-BPDM ✅
  - read_partner of client Cl7-CX-BPDM ✅
- Role "Company Admin" inside the client "Cl2-CX-Portal" needs the following permissions added:
  - read_partner_member of client Cl7-CX-BPDM ✅
  - read_changelog_member of client Cl7-CX-BPDM ✅
  - read_metadata of client Cl7-CX-BPDM ✅
- Role "CX Admin" inside the client "Cl2-CX-Portal" needs the following permissions added:
  - all permissions of Cl7-CX-BPDM ✅
  - all permissions of Cl16-CX-BPDMGate ✅
New Role needed
"Business Partner Data Manager" inside the client "Cl2-CX-Portal", with the following permissions:
- read_partner_member of client Cl7-CX-BPDM ✅
- read_changelog_member of client Cl7-CX-BPDM ✅
- read_metadata of client Cl7-CX-BPDM ✅
- and all CX User permissions ✅
=> assign this new role inside the portal DB to all collections. Each company role can assign this role to their users. ✅
Add the role "BPDM Pool Sharing Consumer" inside the client technical_roles_management and assign the following permissions:
- read_partner_member of client Cl7-CX-BPDM ✅
- read_changelog_member of client Cl7-CX-BPDM ✅
- read_metadata of client Cl7-CX-BPDM ✅
- read_changelog of client Cl7-CX-BPDM ✅
=> assign this new role inside the portal DB to the collection CX Operator ✅
The following technical user roles should be available for app/service providers (this is given by linking those roles to the respective collection/company role) in the portal DB.
- BPDM Sharing Input Consumer
- BPDM Sharing Output Consumer
✅
done by eclipse-tractusx/portal-backend#707
Assign the role BPDM Pool Consumer of the client technical_user_management to all Composite roles in the Portal Client.
- CX Admin ✅
- Company Admin ✅
- Business Admin ✅
- IT Admin ✅
- CX User ✅
- Purchaser ✅
- App Developer ✅
- App Manager ✅
- Sales Manager ✅
- Service Manager ✅
- Business Partner Data Manager ✅
Add Permission
Add new permission view_credential_requests to the client Cl24-CX-SSI-CredentialIssuer ✅
Fix for Cl24-CX-SSI-CredentialIssuer and assignment to composite Portal roles
Those specific assignments:
CX Admin
- add "view_use_case_participation" ✅
- add "revoke_credentials_issuer" ✅
- add "revoke_credential" ✅
- add "view_certificates" ✅
- add "view_credential_requests" ✅
Company Admin
- add "view_use_case_participation" ✅
- add "revoke_credential" ✅
- add "view_certificates" ✅
- add "view_credential_requests" ✅
IT Admin
- add "view_use_case_participation" ✅
- add "revoke_credential" ✅
- add "view_certificates" ✅
- add "view_credential_requests" ✅
Business Admin
- add "view_use_case_participation" ✅
- add "revoke_credential" ✅
- add "view_certificates" ✅
- add "view_credential_requests" ✅
Additionally, "view_credential_requests" => to be assigned to all Portal Client Roles
- CX User ✅
- Purchaser ✅
- App Developer ✅
- App Manager ✅
- Sales Manager ✅
- Service Manager ✅
- Business Partner Data Manager ✅
BTW: "view_certificates" refers to credentials, not certificates; it's a poorly named role.
Re-add "request_ssicredential" role to client Cl2-CX-Portal (removed as part of #66) ✅
Newly create "service_management" for client Cl2-CX-Portal ✅
Clean-up of the App Manager role:
- remove "add_user_account" ✅
- add "view_connectors" ✅
- add "view_app_subscription" ✅
- add "view_service_subscriptions" ✅
Business Admin
- add "view_client_roles" ✅
- add "view_own_user_account"? ✅
- add "update_own_user_account" ✅
- remove "view_connectors" ✅
- add "view_documents" ✅
- add "view_membership" ✅
- add "delete_notifications" ✅
- add "request_ssicredential" (Client: portal) ✅
IT Admin
- add "view_documents" ✅
- add "request_ssicredential" (Client: portal) ✅
Service Manager
- add "add_self_descriptions" ✅
- add "delete_documents" ✅
- add "service_management" ✅
App Developer
- add "view_license_types" ✅
- add "view_service_subscriptions" ✅
Sales Manager
- add "view_app_subscription" ✅
- add "app_management" ✅
- add "view_service_subscriptions" ✅
- add "service_management" ✅
CX Admin
- add "service_management" ✅
- add "request_ssicredential" (Client: portal) ✅
Purchaser
- add "subscribe_service" ✅
- add "view_service_subscriptions" ✅
CX User
- add "view_service_subscriptions" ✅
Company Admin
- add "request_ssicredential" (Client: portal) ✅
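
A check that can be run against a realm export to confirm that composite-role changes from the list above actually landed (added example, not part of this issue or the project's code). It assumes the standard Keycloak realm-export layout and that the "Portal Client" is Cl2-CX-Portal, encodes only a few of the checklist entries, and uses a constructed sample realm.

```python
# Expected state from the checklist: (client, composite role) -> {source client: roles}
BPDM_READ = {"read_partner_member", "read_changelog_member", "read_metadata"}
REQUIRED = {
    ("Cl1-CX-Registration", "Company Admin"): {"Cl7-CX-BPDM": BPDM_READ | {"read_partner"}},
    ("Cl2-CX-Portal", "Company Admin"): {"Cl7-CX-BPDM": BPDM_READ},
}
# Removals; the page names no owning client for these, so any client is rejected.
REMOVED = {
    ("Cl2-CX-Portal", "App Manager"): {"add_user_account"},
    ("Cl2-CX-Portal", "Business Admin"): {"view_connectors"},
}

# Constructed sample in the Keycloak realm-export layout; not the project's realm file.
SAMPLE_REALM = {"roles": {"client": {
    "Cl1-CX-Registration": [{"name": "Company Admin", "composites": {"client": {
        "Cl7-CX-BPDM": sorted(BPDM_READ)}}}],
    "Cl2-CX-Portal": [
        {"name": "Company Admin", "composites": {"client": {
            "Cl7-CX-BPDM": sorted(BPDM_READ)}}},
        {"name": "App Manager", "composites": {"client": {
            "Cl2-CX-Portal": ["add_user_account", "view_connectors"]}}},
    ],
}}}

def direct_composites(realm, client, role_name):
    """Return the role's direct client composites, or None if the role is absent."""
    for role in realm.get("roles", {}).get("client", {}).get(client, []):
        if role.get("name") == role_name:
            return role.get("composites", {}).get("client", {})
    return None

def audit(realm):
    """List deviations from the checklist; nested composites are not expanded."""
    findings = []
    for (client, role), needed in REQUIRED.items():
        comp = direct_composites(realm, client, role)
        if comp is None:
            findings.append(f"{client}/{role}: role missing")
            continue
        for src, names in needed.items():
            findings += [f"{client}/{role}: missing {src}/{n}"
                         for n in sorted(names - set(comp.get(src, [])))]
    for (client, role), banned in REMOVED.items():
        comp = direct_composites(realm, client, role) or {}
        held = {n for names in comp.values() for n in names}
        findings += [f"{client}/{role}: still has {n}" for n in sorted(banned & held)]
    return findings

print("\n".join(audit(SAMPLE_REALM)))
```

For a real export, replace `SAMPLE_REALM` with the parsed realm JSON; an empty result means every encoded entry matches.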